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Section I: 

AMENDMENT UNDER 37 CFR §1.121 to the 
CLAIMS 

Claim 1 (currently amended): 

A method for extending and grouping actions and permissions for authorization of a 
requesting user to access or use a requested protected system resource in a computer 
system, said method comprising the steps of: 

providing an access control policy associated with said requested protected 
system resourc e, mid uuxm c u uli u l pulLy containing a permission list of permitted 
identities for iuc u f said piuliU u l system ic&uuiie, aaid puuii&siun lis! ujulamiiig and at 
least one action group tag [[and]] with associated action indicators; 

reusing a finite quantity of action i ndicators among a plurality of action ^ mup 
tags to control a number of unique permis sions [ess than or equal to the product of the 
quantity of allowable action in dicators and a quantity of allowable action group tags; 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a correlation 
between permissible actions and members of a set of action indicators; and 

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes an 
appropriate action indicator correlated to an action group tag. 

Claim 2 (original): 

The method as set forth in Claim 1 further comprising providing in an access control 
policy permission list a plurality of action group tags, each action group tag having one 
or more associated action indicators, such that resultant granting of authorization to act 
on said requested protected object is completed if the requested action is allowed by any 
of the associated action indicators of any of the action groups. 
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Claim 3 (currently amended): 

The method as set forth in Claim [[2]] 1 wherein said requested protected system 
resource comprises a computer file sent t o a local computer from a remote computer over 
a computer network further c o mprising reusing a c tion g iu up pcrniisMim iiidiia lu i s 
among action gioupa &u Ji tha t a finite list of acti o n giuup puini&sion iuJital u is may be 
used t o control a maximum number of unique painissiuns equal to th e pioduU uf di e 
number of u nique allowable permission giuup indicator mul t iplied by a maximum 
number of allowable action group tags . 

Claim 4 (original): 

A method for managing permission indicators for computer system protected objects 
comprising the steps of: 

providing a plurality of permission indicator containers in an access control list 
Access Contiul List ; 

associating a first set of permission indicators with a primary permission indicator 
container, and 

associating one or more additional sets of permission indicators with additional 
permission indicator container s, wherein said permission indicators are reused among 
said containers such that permission indicators may be categorized and grouped logically 
to facilitate efficient and cfllUwc lnanaguautl u f sccmiiy uuliiv control a number of 
unique permissions less than or equal to th e product of a quantity of allowable action 
indicators and a quantity of allowable action g roup ta gs . 

Claim 5 (original): 

The method as set forth in Claim 4 wherein said step of providing a first set of permission 
indicators comprises providing at least one other (additional) permission indicator set 
having equivalent permission indicators to said first set such that permission indicators 
may be assigned unique permissive control according to a permission indicator container 
with which they are associated. 
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Claim 6 (original): 

The method as set forth in Claim 5 wherein said step of providing an equivalent set of 
permission indicators comprises providing the characters "a ,! through "z M and "A" 
through "Z" as permission indicators. 

Claim 7 (currently amended): 

The method as set forth in Claim [[5]] 4 further comprising associating an action group 
tag with a permission indicator container. 

Claim 8 (currently amended): 

The method as set forth in Claim 7 further comprising the step of providing an action 
group tag with an associated list of permission indicators in an access control list 
Access C o nt ro l Lis t entry. 
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Claim 9 (currently amended): 

A computer readable medium encoded with software [[or]] £qt extending and grouping 
actions and permissions for authorization of a requesting user to access or use a requested 
protected system resource in a computer system, said software when executed causing a 
computer t o perform the performing steps [[of]] comprising : 

providing an access control policy associated with said requested protected 
system resourc e; said access c o ntr o l policy containing a permission list of permitted 
identities for use of said protec t ed system res o urce, said p e rmission list con t aining and at 
least one action group tag [[and]] with associated action indicators; 

reusing a finite q uantity of action indicators among a plurality of action g roup 
tags to control a number of unique permissions less than or equal to the product of the 
quantity of a llowable action indicators and a quantity of allowable action group tags: 

evaluating said permission list according to a specific permission definition 
associated with said action group tag, said permission definition providing a correlation 
between members of a set of action indicators; and 

granting authorization to perform actions on said requested protected system 
resource to said requesting user if said access control policy permission list includes 
an appropriate action indicator correlated to an action group tag. 

Claim 10 (original): 

The computer readable medium as set forth in Claim 9 further comprising software for 
providing in an access control policy permission list a plurality of action group tags, each 
action group tag having one or more associated action indicators, such that resultant 
granting of authorization to act on said requested protected object is completed if the 
requested action is allowed by any of the associated action indicators of any of the action 
groups. 
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Claim 1 1 (currently amended): 

The computer readable medium as set forth in Claim 9 wherein said requested protected 
system resource comprises a computer file sent to a local computer from a remote 
computer over a computer network 10 further comprising s oft ware for r eusing acti o n 
gr o up indica t ors am o ng action groups . 

Claim 12 (currently amended): 

A computer readable medium encoded with software for managing permission indicators 
for computer system protected objects, said software when executed causing a c o mput e i 
t o perfoini die performing steps [[of]] comprising : 

providing a plurality of permission indicator containers in an access control list 
Access Control List ; 

associating a first set of permission indicators with a primary permission indicator 
container; and 

associating one or more additional sets of permission indicators with additional 
permission indicator container s, wherein said permission indicators are reused amon g 
said containers such that permission indicators may be categorized and grouped logically 
to facilitate efficient and effec t ive mana g ement of sccmily uulicv control a number of 
unique permissions less than or equal to the product of a quantity of allowable action 
indicators and a quantity of allowable action group ta gs 

Claim 13 (original): 

The computer readable medium as set forth in Claim 12 wherein said software for 
providing a first set of permission indicators comprises software for providing permission 
indicators which are equivalent to at least one other (additional) permission indicators 
such that permission indicators may be assigned unique permissive control according to a 
permission indicator container with which they are associated. 
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Claim 14 (original): 

The computer readable medium as set forth in Claim 13 wherein said software for 
providing equivalent permission indicators comprises software for providing a set of 
permission indicators including the characters "a" through "z" and "A" through "Z". 

Claim 15 (currently amended): 

The computer readable m e diums medium as set forth in Claim 12 further comprising 
software for associating an action group tag with a permission indicator container. 

Claim 16 (currently amended): 

The computer readable medium as set forth in Claim 15 further comprising software for 
providing an action group tag with an associated list of permission indicators in an 
Access Con t rol List access control list entry. 
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Claim 1 7 (currently amended): 

An authorization system for extending and grouping actions and permissions for 
authorization of a requesting user to access or use a requested protected system resource 
in a computer system, said system comprising: 

an access control policy associated with said requested protected system resource, 
said acc e ss c o ntrol pul i cy having a permission list of permitted identities for use of sai d 
protect e d system resource, and said permission list having and at least one action group 
tag [[and]] with associated action indicators , wherein a finite quantity of action indicators 
are reused among a plur ality of action group tags to control a number of unique 
permissions less than or equal to the product of the quantity of allowable action 
indicators and a quantity of allowable action group tags ; 

a permission list evaluator for evaluating an access control policy permission list 
according to a specific permission definition associated with said action group tag, said 
permission definition providing a correlation between members of a set of action 
indicators; and 

an authorization grantor adapted to grant authorization to perform actions on said 
requested protected system resource to said requesting user if said access control policy 
permission list includes an appropriate action indicator correlated to an action group tag. 

Claim 18 (currently amended): 

The system as set forth in Claim [[7]] 17 further wherein said access control policy 
permission list comprises a plurality of action group tags, each action group tag having 
one or more associated action indicators, such that resultant granting of authorization to 
act on said requested protected object is completed if the requested action is allowed by 
any of the associated action indicators of any of the action groups. 
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Claim 19 (currently amended): 

The system as set forth in Claim [[8]] 12 wherein said requested protected system 
resource comprises a computer file sent to a local computer from a remote computer over 
a computer network acti o n gr o up indica t ors are re usable ac r oss action g ro u p s such that 
each ac t ion gr o up may define - a unique implementa t ion o f each r eusable ac t i o n gr o up 
indicato r. 
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Claim 20 (currently amended): 

A system for managing permission indicators for computer system protected objects 
comprising: 

a plurality of permission indicator containers for an access control list Access - 
Con tr ol Lis t; 

a first set of permission indicators associated with a primary permission indicator 
container; and 

one or more additional sets of permission indicators associated with additional 
permission indicator containers . wherein said permission indicators are reused among 
said containers such that permission indicators are categorized and grouped logically to 
facilitate efficient and effective managem e nt o f s e curity policy control a number of 
unique permissions less than or equal to the product of a quantity of allowable action 
indicators and a quantity of allowable action group tags . 

Claim 21 (currently amended): 

The system as set forth in Claim 20 wherein said [[a]] first set of permission indicators 
and at least one other (additional) permission indicator set are equivalent permission 
indicators such that permission indicators are assigned unique permissive control 
according to the permission indicator container with which they are associated. 

Claim 22 (original): 

The system as set forth in Claim 21 wherein said equivalent set of permission indicators 
comprises the characters "a" through 1! z H and *A M through M Z". 

Claim 23 (original): 

The system as set forth in Claim 20 further comprising an action group tag associated 
with a permission indicator container. 

Claim 24 (currently amended): 

The system as set forth in Claim 23 further comprising an action group tag associated 
with a list of permission indicators in an access control list Access Con t r o l List entry. 
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